KPMG: 95 Percent of Businesses Not Cookie Law Compliant

Almost every major business in the UK with an online presence is not compliant with cookie laws due to be enforced from 26 May, according to a study.

Last year, the Information Commissioner’s Office (ICO) gave UK companies a year to get into line with the EU regulations, which require them to obtain consent before placing a cookie on a user machine.

Yet just five percent of the 55 major organisations surveyed by KPMG had got their websites up to scratch, indicating few are worried about repercussions, or understand the dangers of non-compliance. The ICO has the ability to fine companies up to £500,000 if it believes an infraction is serious enough.

Countdown to the cookie crumble

“With less than 50 days to go before enforcement, our analysis has found that the majority of UK organisations still need to complete substantial work to their websites. Time is running out for them so they need to act to avoid severe financial penalties,” said Stephen Bonner, a partner in the Information Protection and Business Resilience business team at KPMG.

“Whilst the majority of the websites we analysed made a reference to the use of cookies under either the terms and conditions or specific privacy policies, and some also state how the cookies are being used, this is not enough to ensure compliance with the directive.”

The ICO said it was clear many websites still have much work to do. “We are almost at the end of the year long lead in period and it is vital that organisations start demonstrating that they are moving towards becoming compliant,” a spokesperson said.

“The ICO continues to work with the Department for Culture, Media and Sport as well as other industry bodies including the Internet Advertising Bureau and website operators to help websites in the UK become complaint with the new changes brought in by the amended Privacy and Electronic Communications Regulations.

“We have always been clear that organisations need to provide visitors to their website with enough information to enable individuals to make an informed choice on whether they wish for cookies to be placed on their device. How websites achieve this will depend on how their existing website currently uses cookies, there is no one size fits all approach, however the ICO’s guidance aims to point websites in the right direction towards full compliance.”

Some believe the rules are simply unenforceable. Cory Doctorow, science fiction writer, an Open Rights Group founder and co-editor of the Boing Boing blog, recently told TechWeekEurope “consent isn’t going to work”.

“Do you know what you’re going to get? A hundred ‘I Agrees’ the first time you visit the web page and then you’ll never see them again because that’s what people do. The more of those choices you ask people to make, the worse they get at making them,” Doctorow said.

How much do you know about Internet securit? Take our quiz